lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1R4s32-0006RK-LA@titan.mandriva.com>
Date: Sat, 17 Sep 2011 12:23:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:130-1 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2011:130-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : September 17, 2011
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in apache:
 
 The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
 denial of service (memory and CPU consumption) via a Range header
 that expresses multiple overlapping ranges, as exploited in the
 wild in August 2011, a different vulnerability than CVE-2007-0086
 (CVE-2011-3192).
 
 The updated packages have been patched to correct this issue.

 Update:

 Packages for Mandriva Linux 2011 is now being provided as well. Enjoy!
 
 * apache has been upgraded to the latest version (2.2.21) for 2011
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 5c4825e4c63b4a06c68a5fd81517de71  2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm
 b5a00191b27804f9735643cdcd704b19  2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm
 49defd7efbb4a37ec49c01c7ef9c64aa  2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm
 a023e40689777630df036eae1a84a475  2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
 f03744bb74a3e0872cb08465799c3ee1  2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm
 bb9efa66089deef66f9434b813d41a95  2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
 bb334eb7fe43927ba7c6c9196b4e1fd1  2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 086b5ed82c064b16964fff70bf9c841e  2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm
 115008b2471e10ea01689dafe5c46bcd  2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
 6b686ec6612ff8740d1e482faa06c544  2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm
 8c8f14074bc0dbbeb2b3890611f95c6b  2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 b03569edc20c9393e0b5eea09f590368  2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 343703d3822a6757e000edeebe7e0a06  2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm
 3457011403525d40e525716c4da8e477  2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 3d060145b3665ca4c0b309f812af9370  2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm
 a0e00b0610eb5a8c5c57afabeafc07f8  2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm
 dd4bb38bbc2997ca398fb37225eca371  2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm
 2966cdfddf02fa32447711af6a3046dd  2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm
 48774d9c282dc476f35a0c8b2e821a7f  2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm
 7b832f85bd258abf0c7abb161f4028b4  2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm
 1c6b93eaa5b27477989bf82ea9a63685  2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm
 1e7dc0ee3fafae8a786be0cc164ebe4a  2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm
 ab2d074f2dfe57a64b022d4e6b8254ab  2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm
 a22debf09366b64e236965a4091009e9  2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm
 174aed4327491b83f147f3b4e76bcd1f  2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm
 e141881c27496e7e74ad7f3f566a1bd2  2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm
 97893069a3d6eb73e3773bc0ee78c9a4  2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm
 fe530e2da15b3e0bf14c617824ff82c9  2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm 
 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm
 b37e2a1dafb6883a10cefb4140e9635e  2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
 d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
 0b4a145fd5ff8c11a53956f750cdbd42  2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 8837c56966896e10d3403956e7cf86ac  2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm
 aec6da25319585e53623471734f99c57  2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm
 e8600455214ad4f2303d9f36576e4952  2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm
 90694f3211fca3d436ec4130b8bb43e2  2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
 fd3f6a51c8abf8b1ff8356489ba6d6e1  2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm
 796c8129bbc160455587bc54c58c2220  2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
 61add54b6e0c8306dff065a150b262e2  2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 cb98169c29008c256662f3a08141bf95  2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm
 5aa03ee54a7e40d41fd746fd1a223c72  2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
 386a956f014fe2d64dfe38fc261abd39  2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm
 5a473bc45fa59323c4d526dd4f5a30d3  2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 aaa544f7a4912c161a2c73e222ae87d6  2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 f04054edc62a24ea9042c5b41074bd1d  2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm
 1c97f63c1169f483d086a94b97f5c421  2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 ca912c34fec5cf470947a7f87e9705a4  2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm
 b5ae70a8ed412e40275b4de7b639caa0  2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm
 6b11b032c13277712c336405ea23a8b0  2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm
 874a420342f1ea9278e014b79fe5a337  2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm
 2757b3d7c8261563e22c41d3f94aaa29  2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm
 6edbc6963aab9beee507f9a3c8be38a2  2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm
 fe6143eaa1acc0de751198ea19129279  2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm
 3e66fa1e1e2cf243c1c6472243cb86fe  2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm
 7d45bfd7d3aa87d45d2287fdd9507847  2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm
 bce9e2cdffe45cbc4baf72f0d0c4000e  2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm
 217bd96dfa802f7d049b6fd12600b154  2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm
 cc304b9011d16d7f3cf5c8250e4d9f18  2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm
 a8bb9b62c39f98a6df728d51a4fff39a  2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm
 7d41c857be2574ac5f3ea7090a1f3c78  2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm 
 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm
 b37e2a1dafb6883a10cefb4140e9635e  2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
 d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
 0b4a145fd5ff8c11a53956f750cdbd42  2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOdErbmqjQ0CJFipgRArO0AJ9MeU1I/ItvY699awHPqXD7TZZ46gCeP/Lc
OVJD0GobLzQ3q1XZS8WiqdY=
=O8Ag
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ